On Wed, Jun 18, 2025, 11:12 Alexander Bokovoy <aboko...@redhat.com> wrote:
> On Срд, 18 чэр 2025, Cyrus via FreeIPA-users wrote: > >Hello! > > > >I'm having random login issues vía ssh (IPA managed servers, AD users) and > >I realized that out of the two Free IPA servers, only one of them lists > >winbibd and smb in "ipactl status" > > > >Almost everything works on ipa02 (discovery vía DNS, kerberos via kinit) > >but user resolution fails (id/getent) > > > >Should I setup trust in both servers? > > No. Once trust is established, it does not need to be re-established. > What you need to do is to make sure your other replicas have trust agent > role. > > Please read the documentation: > > https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/installing_trust_between_idm_and_ad/setting-up-a-trust_installing-trust-between-idm-and-ad#proc_creating-a-trust-agent_setting-up-a-trust > > > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland > Hello!, Somehow I missed that documentation. ID resolution works now in the replica!!. Hope it fixes my random authentication issues. Regards, Cyrus
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
